Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
EMC Replication Manager Client irccd.exe Misconfiguration Exploit The best practice for installations of EMC Replication Manager is to register a Replication Manager Client (irccd.exe) instance with the appropiate Replication Manager Server (ird.exe) as soon as the client software is installed on a host. Registration is performed by Replication Manager administrators from within the Replication Manager Server. In the time span exposed before registering a Replication Manager Client instance with a Replication Manager Server, the RunProgram function of the Replication Manager Client instance can be invoked with arbitrary arguments by remote unauthenticated attackers in order to execute arbitrary code with SYSTEM privileges on the vulnerable machine. This module exploits this misconfiguration scenario in order to install an agent on machines running still unregistered instances of EMC Replication Manager Client. NOCVE-9999-55211 Exploits/Remote Code Execution Windows
Symantec Web Gateway Management Console Remote Code Execution Exploit The Symantec Web Gateway Management Console before 5.2.5 allows some specially crafted entries to update the whitelist without validation. A lower-privileged but authorized management console user can bypass the whitelist validation using a specifically-modified script to create an unauthorized whitelist entry. This whitelist entry could potentially be leveraged in further malicious attempts against the network. CVE-2016-5313 Exploits/Remote Code Execution Linux
JBoss Seam 2 Framework actionOutcome Remote Code Execution Exploit An input sanitization flaw was found in the way JBoss Seam processes certain parameterized JBoss Expression Language (EL) expressions. A remote unauthenticated attacker could use this flaw to execute arbitrary code via GET requests, containing specially-crafted expression language parameters, provided to web applications based on the JBoss Seam framework. This module exploits the vulnerability in any web application based on vulnerable versions of the Seam 2 framework. CVE-2010-1871 Exploits/Remote Code Execution Linux
IBM WebSphere commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit IBM WebSphere Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution. NOCVE-9999-74928 Exploits/Remote Code Execution Windows
CA Total Defense UNCWS Web Service getDBConfigSettings Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the database credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator. CVE-2011-1655 Exploits/Remote Code Execution Windows
JBoss commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. NOCVE-9999-74929 Exploits/Remote Code Execution Windows, Linux
Oracle Secure Backup Remote Command Execution Exploit Update This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities. This update adds Solaris support. CVE-2009-1977 Exploits/Remote Code Execution Windows, Solaris
PHPMyAdmin Setup Config Remote Code Execution Exploit Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. CVE-2009-1151 Exploits/Remote Code Execution Solaris, Linux, Mac OS X
Jenkins commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. NOCVE-9999-74930 Exploits/Remote Code Execution Windows, Linux
Oracle GlassFish Server Administration Console Authentication Bypass Remote Code Execution Exploit The Administration Console of Oracle GlassFish Server is prone to an authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this in order to execute arbitrary code on the vulnerable server. CVE-2011-1511 Exploits/Remote Code Execution Solaris, Windows, Linux, Mac OS X
Oracle GlassFish Server Administration Console Authentication Bypass Remote Code Execution Exploit Update The Administration Console of Oracle GlassFish Server is prone to an authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this in order to execute arbitrary code on the vulnerable server. This update adds support for Solaris platforms. CVE-2011-1511 Exploits/Remote Code Execution Solaris, Windows, Linux, Mac OS X
WeBid converter Remote Code Execution Exploit Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code. NOCVE-9999-53406 Exploits/Remote Code Execution Solaris, Linux, Windows, Mac OS X
OP5 license Remote Code Execution Exploit op5 Appliance contains an input validation flaw related to the system-portal component that allows a remote attacker to execute arbitrary shell commands via command injection. CVE-2012-0261 Exploits/Remote Code Execution none
Openfiler Remote Code Execution Exploit Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution. NOCVE-9999-65590 Exploits/Remote Code Execution Linux
JBoss EJBInvokerServlet Java Deserialization Vulnerability Remote Code Execution Exploit JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution. This vulnerability affects the EJBInvokerServlet component of the server. NOCVE-9999-75005 Exploits/Remote Code Execution Windows, Linux
JBoss Application Server DeploymentFileRepository Remote Code Execution Exploit A directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server allows remote attackers who are able to access the console manager to create files on arbitrary locations of the filesystem. This can be abused to gain execution of arbitrary code by sending special HTTP requests to the JMX Console. CVE-2006-5750 Exploits/Remote Code Execution Windows, Linux
Atlassian FishEye Struts 2 ParametersInterceptor Remote Code Execution Exploit The ParametersInterceptor class of XWork framework, part of the Struts 2 web framework, as shipped with Atlassian FishEye, does not properly restrict access to server-side objects. This can be exploited by remote unauthenticated attackers to modify server-side objects and e.g. execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions. CVE-2010-1870 Exploits/Remote Code Execution Windows, Solaris, Linux
CA Total Defense UNCWS Web Service exportReport Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. NOCVE-9999-51517 Exploits/Remote Code Execution Windows
CA Total Defense UNCWS Web Service UnAssignAdminUsers Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The UnAssignAdminUsers method makes use of the uncsp_UnassignAdminRoles stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Code Execution Windows
Symantec Web Gateway blocked_file.php Remote Code Execution Exploit The spywall/blocked_file.php script of Symantec Web Gateway allows remote unauthenticated users to upload files with arbitrary extensions. This can be abused by attackers to execute arbitrary PHP code on vulnerable systems. CVE-2012-0299 Exploits/Remote Code Execution Linux
Oracle Secure Backup Remote Command Execution Exploit This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities. CVE-2009-1977 Exploits/Remote Code Execution Windows, Solaris
JBoss Enterprise Application Platform JMX Console Authentication Bypass Remote Code Execution Exploit The JMX-Console web application in JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. This module will exploit this vulnerability to deploy an agent by uploading a JSP file to the target server. CVE-2010-0738 Exploits/Remote Code Execution Linux
Microsoft ASP.NET Hash Table Collisions DoS (MS11-100) This module sends HTTP requests with specially crafted data making the ASP.NET subsystem consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3414 Denial of Service/Remote Windows
OpenBSD DHCP Remote DoS Update This module exploits a vulnerability in DHCP Server in OpenBSD. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This cause a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278. CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
MetaServer RT Packet Processing Remote DoS The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a crash via a specially crafted packet sent to TCP port 2194. NOCVE-9999-50146 Denial of Service/Remote Windows
Apache mod_isapi Denial of Service Exploit The Apache HTTP Server, commonly referred to as Apache, is a popular open source web server software. mod_isapi is a core module of the Apache package that implements the Internet Server extension API. The extension allows Apache to serve Internet Server extensions (ISAPI .dll modules) for Microsoft Windows based hosts. By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. CVE-2010-0425 Denial of Service/Remote Windows
ISC BIND TKEY assert DoS This module exploits a vulnerability while handling TKEY queries in the BIND service to cause a DoS. CVE-2015-5477 Denial of Service/Remote Solaris, Linux
MSRPC MSDTC Allocation MS06-018 DoS Update This is a denial of service exploit for a vulnerability in the MSDTC component of windows systems (MS06-018). This update fixes the correct CVE number (CVE-2006-1184) CVE-2006-1184 Denial of Service/Remote Windows
Microsoft Windows SMTP Server MX Record Vulnerability DoS (MS10-024) Update This update fixes some mistakes in the module documentation. This module exploits a vulnerability on Microsoft Windows SMTP Server 64 bits sending a malformed DNS response from a spoofed DNS Server. CVE-2010-0024 Denial of Service/Remote Windows
Sun Java System Web Server Digest DoS Multiple vulnerabilities have been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflow errors when processing malformed "TRACE" or "OPTIONS" requests, or overly long "Authorization: Digest" headers, which could be exploited by attackers to crash an affected server or execute arbitrary code. This exploit forces the server process to throw an unhandled exception and be restarted. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0387 Denial of Service/Remote Solaris, Windows, Linux, AIX